On Mon, Jan 20, 2003 at 04:22:34PM -0700, Bob Proulx wrote:
> Craig Jackson wrote:
> > # chmod +s /sbin/shutdown
> >
> > This is not something I would do though. Why don't you do this when you
> > want to shut down:
>
> I recommend against doing that chmod on shutdown. It has not been
> inspected for security holes and that might open big ones.
>
> If you really want any user that can log into the box to be able to
> reboot it then instead, install sudo, then put something like this in
> the sudoers file (using visudo).
>
> ALL ALL=NOPASSWD: /sbin/shutdown
Hmmmm, I'm intrigued: how is this different to setuid'ing it? Any user
can still run it as root...
-rob